The present disclosure relates generally to network security and, more specifically, to recovering from rolling security token loss in an unreliable network.
A client, such as an application implemented on a mobile device, can contain paired security tokens for accessing a resource, in which one token in the pair is a short-lived token for the access (also referred to as an access token) and the second token in the pair is a single-use token (also referred to as a refresh token) for refreshing the access token. This implementation is common, e.g., when mobile applications use the Open Authorization (OAuth) standard, which pairs the refresh token and the access token together as part of a grant. However, when this pair is delivered over an unreliable network, credential continuity can be lost, e.g., when a new token pair is generated by a server but the token pair is never received by the client. A network may be deemed unreliable, e.g., when it experiences intermittent unavailability.
Among other consequences, the loss of continuity can result in a requirement that the client re-register for access to the server, which involves interactions between a device client and a help desk of the server.
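The loss of continuity described above can be reproduced with a small simulation, added here as an illustration and not taken from the disclosure. The class names, the `drop_response` flag and the `device-1` client identifier are assumptions made for the example.

```python
import secrets


class AuthServer:
    """Toy server issuing access tokens paired with single-use refresh tokens."""

    def __init__(self):
        self.valid_refresh = {}  # refresh token -> client id

    def issue(self, client_id):
        access, refresh = secrets.token_hex(8), secrets.token_hex(8)
        self.valid_refresh[refresh] = client_id
        return access, refresh

    def refresh(self, refresh_token):
        # Single use: the presented token is consumed before the new pair is sent.
        client_id = self.valid_refresh.pop(refresh_token, None)
        if client_id is None:
            raise PermissionError("invalid_grant")
        return self.issue(client_id)


class Client:
    def __init__(self, server, client_id):
        self.server = server
        self.access, self.refresh = server.issue(client_id)  # registration

    def refresh_tokens(self, drop_response=False):
        pair = self.server.refresh(self.refresh)
        if drop_response:  # constructed fault: the network loses the reply
            raise TimeoutError("response lost")
        self.access, self.refresh = pair


def simulate_loss():
    server = AuthServer()
    client = Client(server, "device-1")
    client.refresh_tokens()  # normal rotation succeeds
    events = []
    for drop in (True, False):  # lost reply, then retry with the stale token
        try:
            client.refresh_tokens(drop_response=drop)
            events.append("refreshed")
        except TimeoutError:
            events.append("response_lost")
        except PermissionError:
            events.append("retry_rejected")
    # The pair the server minted but the client never received is still live.
    return events, len(server.valid_refresh)
```

After the lost reply, the client's only refresh token has already been consumed, so its retry is rejected and it has no credential left to present, which is the condition that forces re-registration.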